Account Morphing
Discovered By: Red Ryder & Happy Hardcore
Date: August-September 1995
Patched: 1st time September 1995 / 2nd time October 1995
Perhaps the biggest token exploit ever to occur on AOL, this led to
several other key exploits and hacks of the time, which leaves no doubt
that 1995 was the most astonishing year of AOL hacks ever.
While signed onto an AOL account, it was possible to send the porch
tokens (Dd, Dp, etc.) and sign onto another AOL account without signing off
the first one. This trick was not useful until it was discovered that by
sending the porch tokens in a certain manner it was possible to sign onto
any account without knowing the password.
The main token which allowed this was the Dg Guest token. The way AOL's
host-side buffer system worked at the time, even if you got the password
wrong with the Dg token, the Screen Name you entered would still be
stored on AOL's host side. For example, you would sign onto an AOL
account you have the password to, then send the Dg token with the sn you
want to get on and an invalid password. As soon as Dg is sent, your
current sn changes and your mailbox and everything else updates to the sn
you sent with the Dg token. Thus, you morphed into an account you didn't
give a password to.
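The state-handling flaw described above, reduced to a simplified model next to its corrected form (an added example, not AOL's host code and not part of the original write-up). The session classes, the account table and handle_guest_login() are hypothetical; the only thing taken from the text is that the screen name sent with Dg was stored before the password check decided anything.

```python
# Simplified model of the flaw described above; NOT AOL's actual host code.
# Class names, ACCOUNTS and handle_guest_login() are hypothetical.
import hmac

# Constructed sample data.
ACCOUNTS = {"alice": "correct-horse", "staff01": "s3cret-staff-pw"}


def password_ok(screen_name, password):
    """Constant-time comparison against the stored credential."""
    stored = ACCOUNTS.get(screen_name)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())


class VulnerableSession:
    """Stores the requested screen name before checking the password."""

    def __init__(self, screen_name):
        self.screen_name = screen_name  # identity of the signed-on user

    def handle_guest_login(self, requested_sn, password):
        self.screen_name = requested_sn             # state changed first: the bug
        return password_ok(requested_sn, password)  # failure never undoes it


class HardenedSession:
    """Commits the new identity only after the credential check succeeds."""

    def __init__(self, screen_name):
        self.screen_name = screen_name

    def handle_guest_login(self, requested_sn, password):
        if not password_ok(requested_sn, password):
            return False                 # session identity left untouched
        self.screen_name = requested_sn  # bind identity after verification
        return True


def demo():
    """Send a guest login with a wrong password to each session type."""
    results = {}
    for cls in (VulnerableSession, HardenedSession):
        session = cls("alice")
        accepted = session.handle_guest_login("staff01", "wrong-password")
        results[cls.__name__] = (accepted, session.screen_name)
    return results


if __name__ == "__main__":
    for name, (accepted, sn) in demo().items():
        print(f"{name}: accepted={accepted}, session acts as {sn!r}")
```

Both handlers reject the login; only the first leaves the session bound to the requested screen name, which is the condition a server-side invariant check ("identity changed without a successful authentication") would flag.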
The first flavor of the exploit was patched by AOL in early September
after dozens of Mac hax0rs went on a rampage signing onto several AOL
employee accounts. However, using the Dp token, Happy Hardcore was again
able to open up this exploit. This exploit stayed alive until mid-October
when Hardcore told an employee how to fix the hole.
Contributed By: O0O and Hypah